Think Your Business Doesn’t Need Secondary DNS? Think Again.

Most Canadian Businesses Aren’t Sufficiently Prepared to Prevent Downtime or DDoS Attacks

The DNS is like the unsung hero of the Internet. It’s the magic that makes the Internet logical and navigable for its human users. When it’s working as expected, most of us take it for granted … until something goes wrong.

The Domain Name System is an integral piece of the internet’s infrastructure, underpinning all of the key services that an online business relies upon – domain name or address on the web, email and instant messaging tools, API calls made by web applications, VPNs, online meeting services, and on and on.

All of these things depend on the DNS to translate semantic, human-readable domain names into machine readable IP addresses like 195.4.198.151. Virtually everything that we do on the internet, such as opening a website, browsing through webpages, checking email or accessing web based services, is underpinned by the Domain Name System. So as you might imagine, a DNS failure can have serious, or even devastating impacts for a business or organization in terms of lost revenue, trust and reputation.

Given the critical importance that a business’ DNS stays up and running at all times, it’s strongly recommended – and common sense IT practice – to configure backup, secondary DNS on separate machines, with separate internet connections, and in multiple, diverse geographical locations to ensure redundancy if the primary DNS fails. This is both a relatively simple and, for most businesses, comparatively inexpensive thing to do relative to the adverse business and reputational consequences DNS failure can wreak on an organization.

Despite this, so many businesses – especially small businesses – neglect to set up secondary DNS. Why? Mostly because when things are running smoothly, we tend to take it for granted. We also, naively, tend to believe that bad things won’t happen to us. A recent survey of US business owners by the insurance company Nationwide indicated that 76% percent of business owners believed that cyberattacks were unlikely to affect their businesses, while 41% thought cyberattacks impacted large businesses more often than small ones.

The current reality, however, is that smaller businesses are viewed as easy and lucrative targets for cyberattacks because they often are behind on internet security best practices and are less able to recognize and counter threats. According to a 2016 study by the Ponemon Institute, more than 50% of SMBs were breached in the previous 12 month period.

Small businesses, however, are not alone in this misconception. Even large organizations with established IT protocols and well funded departments have DNS configurations that leave them exposed to outsize risk. For example, a recent analysis of Canadian municipalities by the Canadian Internet Registration Authority revealed that 61% were only using a single DNS provider. That means that their website, email servers, online resource libraries … and any other applications that are dependent on the DNS could stop working should one DNS server go down. These numbers are both scary and negligent.

As a domain registrar, we see the evidence of this day in and day out, with large numbers of customers not specifying secondary DNS records in spite of our ongoing best practice recommendations to do so. And what makes this even scarier is that DDoS attacks are only increasing in frequency, size and intensity. We know from first hand experience. Having been in the domain space for 16+ years, DDoS and cyberattacks more generally have never been as prevalent as they are now and they continue to escalate. Simply assuming it isn’t going to happen to you, and therefore your customers, is not a strategy.

While there are a number of things businesses can to prevent and mitigate DDoS attacks, such as making sure operating systems and middleware are up to date, a good starting place is to simply monitor and analyze your traffic. Understanding your traffic patterns will help alert you to unusual occurrences and recognize if and when you are being attacked. The other thing you can do right away – and I mean, like yesterday – is get secondary DNS in place.

Webnames secondary Anycast DNS is an excellent choice for businesses because not only does it increase resilience against DDoS attacks and help to mitigate them, it also enhances the performance of the many DNS dependant technologies a business relies on in it’s day-to-day activities.

Secondary Anycast DNS expands on a unicast DNS infrastructure by geographically distributing copies of your nameserver around the world, while limiting access via a single IP address. With two Anycast clouds in play, there can be no single point of failure. If a nameserver in an anycast cloud goes down, it’s automatically removed and the DNS queries routed around the outage. Another significant advantage of Webnames Anycast service, when compared to other Anycast DNS services, is that it has been architected with Canadian businesses and organizations in mind. Our service has 12 nodes situated around the globe, plus an additional 8 nodes running coast-to-coast in Canada, situated close to major Canadian population centres. This means that homegrown traffic moves exceptionally fast, giving Canadian businesses and their clients the fastest possible domain resolution times – in addition to increased resilience against DDoS attacks.

Webnames Anycast comes with a 100% uptime SLA and is easy to configure – for many businesses, they can be up and running in as little as thirty minutes. We’ll even help you get set up. Customers using the service also do not incur any overage fees for surges in traffic caused by unforeseen events like a trending promotion or media story, or worst case scenario, a full scale DDoS attack. Also, your domain doesn’t need to be with Webnames to use Anycast, it can be at any provider anywhere in the world, and Anycast can even be used in conjunction with other secondary DNS services.

So whether you are a small business, medium-sized organization or major corporation, the future is going to bring new threats. Eliminating service disruptions to your website and downtime of online assets that customers access and employees depend upon to do their work should needs to be a business priority in this 24×365 connected world. While there is no way of guaranteeing your business or organization won’t fall victim to a nameserver outage or DDoS attack, you can take affordable, effective measures to mitigate the threat, stay online and protect your reputation if the unforeseen occurs. Don’t put your business at risk by assuming it can’t or won’t happen to you.